Back to all security reports

Ewon Security Enhancement (FW 11.2s2)

eWON reference: Webserver - eWON authentication mechanism improvement

Affected devices: All
Affected firmware versions: All

Description:
A non-authenticated user could get access in read only to some eWON device information.

Mitigation Factors:
As a rule, we recommend:

  • to avoid making eWONs devices being directly reachable from non-trusted user by using a firewall and an access control policy.
  • for remote access, use a secure remote access solution like Talk2M.

Solution:
Install the last firmware version. This has been fixed as from version 11.2s2.

 

Discovered by: M. Pogliani, D. Quarta, M. Polino, S. Zanero, F. Maggi - Politecnico di Milano